From f53a9945774df5f6a9efc158887f3685c7255ab2 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sat, 1 Feb 2020 12:41:58 +0000 Subject: Correctly unpack client key shares. Even if we're not processing/using the peer public key from the key share, we still need to unpack it in order to parse the TLS extension correctly. Resolves issues with TLSv1.3 clients talking to TLSv1.2 server. ok tb@ --- src/lib/libssl/tls13_key_share.c | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) (limited to 'src/lib/libssl/tls13_key_share.c') diff --git a/src/lib/libssl/tls13_key_share.c b/src/lib/libssl/tls13_key_share.c index 9a83b9f9f7..3fe38ecc37 100644 --- a/src/lib/libssl/tls13_key_share.c +++ b/src/lib/libssl/tls13_key_share.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_key_share.c,v 1.1 2020/01/30 17:09:23 jsing Exp $ */ +/* $OpenBSD: tls13_key_share.c,v 1.2 2020/02/01 12:41:58 jsing Exp $ */ /* * Copyright (c) 2020 Joel Sing * @@ -161,22 +161,14 @@ int tls13_key_share_peer_public(struct tls13_key_share *ks, uint16_t group, CBS *cbs) { - CBS key_exchange; - if (ks->group_id != group) return 0; - if (!CBS_get_u16_length_prefixed(cbs, &key_exchange)) - return 0; - if (ks->nid == NID_X25519) { - if (!tls13_key_share_peer_public_x25519(ks, &key_exchange)) + if (!tls13_key_share_peer_public_x25519(ks, cbs)) return 0; } - if (CBS_len(cbs) != 0) - return 0; - return 1; } -- cgit v1.2.3-55-g6feb